PowerShell Script: Discover New Users in Active Directory

When new employees join a company, IT technicians have to create their accounts in Active Directory. Later, the IT specialist welcomes each newcomer and helps them log in to the domain. In this article, I’ll show you how to automate this procedure with the help of PowerShell scripting. Feel free to edit this script to suit your particular needs.

This blog post specifically covers the following three subjects:

  1. Read the email password as a secure string, convert it to an encrypted string, and save it in a text file. ConvertFrom-SecureString without -Key uses DPAPI, so the encryption is bound to the Windows account and machine that created the file: other accounts cannot decrypt it, and the script must later run under that same account. The script reads the file and converts it back to a secure string object to use as a credential for Send-MailMessage.
  2. Create a script that identifies any users added to AD within the last 24 hours and sends each of them a welcome email through Gmail's SMTP server.
  3. Schedule the script to run daily at 12:00 a.m. in Task Scheduler with the help of PowerShell.

I have used the following cmdlets in this post; details of each cmdlet are available on Technet's website.

  1. Read-Host (for reading the secure string from a command line as Gmail user passwords)
  2. Send-MailMessage (for sending email messages using an SMTP server)
  3. Get-Date (for getting the current date and time)
  4. Get-Content (for reading an encrypted password from a file)
  5. Get-ADUser (for getting newly added users from AD)
  6. New-ScheduledTaskTrigger (for creating a new scheduled task trigger)
  7. Register-ScheduledTask (for scheduling the new task in Task Scheduler)

I have run this script on Windows Server 2016. You can edit it in accordance with your environment needs. Follow these three steps to get everything working.


Step 1. Save Your Gmail Password as an Encrypted String in a Text File

Open PowerShell as the account that will run the scheduled task in Step 3 (elevation is not needed for this step; what matters is the account, because the encrypted string can only be decrypted by the user and machine that wrote it) and execute the following cmdlet. It prompts you to enter a password as a secure string and saves it in a text file as an encrypted string. Google no longer accepts a normal account password for SMTP sign-in, so enter an app password (which requires 2-Step Verification on the Gmail account). Use the same path that the script in Step 2 reads from.

Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File "C:\Users\securepassword.txt"
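The following functions are an added example, not code from the original post. They write the password the way the cmdlet above does and then check that the current Windows account can read it back, which is the failure mode you hit when the file was created under one account and the scheduled task runs under another. The function names, the path in the usage comment, and the icacls hardening step are assumptions of this example.

```powershell
# Added example: store the Gmail password DPAPI-encrypted and verify the round trip
# under the identity that will run the scheduled task. Not part of the original post.

function Save-EncryptedPassword {
    param(
        [Parameter(Mandatory)][string]$Path   # assumed location of the password file
    )
    # Prompt without echo; the secret is never held as a plain .NET string here
    $secure = Read-Host -Prompt "Gmail app password" -AsSecureString
    # Without -Key, ConvertFrom-SecureString uses DPAPI bound to this user and machine
    $secure | ConvertFrom-SecureString | Out-File -FilePath $Path -Encoding ascii

    # Hypothetical hardening: remove inherited ACEs and leave read/write to the owner only
    $acct = "$env:USERDOMAIN\$env:USERNAME"
    icacls $Path /inheritance:r /grant:r "${acct}:(R,W)" | Out-Null
}

function Test-EncryptedPassword {
    param(
        [Parameter(Mandatory)][string]$Path
    )
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    try {
        $secure = Get-Content -Path $Path | ConvertTo-SecureString -ErrorAction Stop

        # Decrypt only long enough to measure the length; that proves DPAPI accepted the blob
        $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
        try     { $length = ([Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)).Length }
        finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }

        [pscustomobject]@{ Identity = $identity; CanDecrypt = $true;  PasswordLength = $length; Error = $null }
    }
    catch {
        # A different account or machine typically fails with
        # "Key not valid for use in specified state." from DPAPI
        [pscustomobject]@{ Identity = $identity; CanDecrypt = $false; PasswordLength = 0; Error = $_.Exception.Message }
    }
}

# Usage (run both under the account named in Step 3; path is an assumption):
# Save-EncryptedPassword -Path "C:\Users\securepassword.txt"
# Test-EncryptedPassword -Path "C:\Users\securepassword.txt" | Format-List
```

Run Test-EncryptedPassword once more from a session started as the scheduled task's account before registering the task; if CanDecrypt is false there, the task will fail silently at midnight with the DPAPI error shown in the comment.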


Step 2. Save the Script in a File with .ps1 Extension

Open Notepad, and copy and paste the following code. Save the file as FindOutADUsers.ps1.

## Beginning of functions

Import-Module ActiveDirectory   # Get-ADUser comes from the RSAT ActiveDirectory module

Function Send-Email {

    Param (
        [Parameter(Mandatory)][string]$Email,
        [Parameter(Mandatory)][pscredential]$Credential,
        [string]$Attachment
    )

    $From       = "karim.buzdar@gmail.com"
    $Subject    = "Welcome to yourdomain.com"
    $SMTPServer = "smtp.gmail.com"
    $SMTPPort   = 587   # submission port; -UseSsl below upgrades the session with STARTTLS

    ### Beginning of email body

    $Body = "Dear User,<br><br>"
    $Body += "Welcome to yourdomain.com <br><br>"
    $Body += "This email will help you log in to your domain services. Follow these steps to log in to your domain: <br><br>"
    $Body += "Step 1. Enter your username <br><br>"
    $Body += "Step 2. Enter your password, and press Enter <br><br>"
    $Body += "Please check the attached screenshot. If you have any problems, please call the help desk at the following number: <br><br>"
    $Body += "<b>Extension No: 121</b><br><br>"
    $Body += "Regards,<br><br>"
    $Body += "Yourdomain.com Helpdesk"

    ### End of email body

    # -BodyAsHtml is a switch, so the body itself is passed with -Body
    Send-MailMessage -From $From -To $Email -Subject $Subject -Body $Body -BodyAsHtml -Attachments $Attachment -SmtpServer $SMTPServer -Port $SMTPPort -Credential $Credential -UseSsl
}

### End of Functions

##### Beginning of main function

$When = (Get-Date).AddDays(-1)   # users created within the last 24 hours
$UserName = "karim.buzdar@gmail.com" #Gmail username used for sending the email

# The file holds the password as a DPAPI-encrypted string (Step 1). ConvertTo-SecureString only
# succeeds for the Windows account and machine that wrote it, so this script must run as that account.
$Password = Get-Content "C:\Users\Administrator.YOURDOMAIN\Desktop\FindOutADUsers\securepassword.txt" | ConvertTo-SecureString
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ($UserName, $Password) #PSCredential for Send-MailMessage
$Attachment = "C:\Users\Administrator.YOURDOMAIN\Desktop\FindOutADUsers\Screenshot.png" #Image sent as an attachment with the email

# Users created since $When. Accounts with no mail attribute yet are skipped, because
# Send-MailMessage fails on an empty -To rather than moving on to the next user.
$NewUsers = Get-ADUser -Filter { whenCreated -ge $When } -Properties EmailAddress, whenCreated |
    Where-Object { $_.EmailAddress }

foreach ($User in $NewUsers) {
    Send-Email -Email $User.EmailAddress -Credential $Credential -Attachment $Attachment
    Write-Host "Email sent: $($User.EmailAddress)"
}

### End of main function
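Before letting the scheduled task send anything, it helps to see exactly which accounts the query above would pick up and which it would skip. The function below is an added example, not code from the original post: it runs the same whenCreated query as a dry run and reports, per account, whether the welcome email would be sent. The function name, the Action labels and the optional -SearchBase parameter are assumptions of this example.

```powershell
# Added example: dry-run report of the accounts the welcome-email script would process.
# Not part of the original post; requires the RSAT ActiveDirectory module.

Import-Module ActiveDirectory

function Get-NewADUserReport {
    [CmdletBinding()]
    param(
        # How far back to look; the task runs daily, so the last 24 hours is the default
        [datetime]$Since = (Get-Date).AddDays(-1),
        # Optional OU to scope the query, e.g. "OU=Staff,DC=yourdomain,DC=com" (assumed name)
        [string]$SearchBase
    )

    # Pass -SearchBase only when given, so the default stays the whole domain
    $extra = @{}
    if ($SearchBase) { $extra.SearchBase = $SearchBase }

    # Same filter as the script; Enabled is returned by Get-ADUser by default
    Get-ADUser -Filter { whenCreated -ge $Since } -Properties EmailAddress, whenCreated @extra |
        ForEach-Object {
            # Only enabled accounts with a mail address would actually receive the email
            if (-not $_.Enabled)           { $action = 'skip: disabled' }
            elseif (-not $_.EmailAddress)  { $action = 'skip: no mail attribute' }
            else                           { $action = 'send' }

            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                WhenCreated    = $_.whenCreated
                Enabled        = $_.Enabled
                EmailAddress   = $_.EmailAddress
                Action         = $action
            }
        }
}

# Usage: run before enabling the scheduled task, or when a newcomer reports that no email arrived
# Get-NewADUserReport | Format-Table -AutoSize
# Get-NewADUserReport -Since (Get-Date).AddDays(-7) | Where-Object Action -ne 'send'
```

Accounts that show up as "skip: no mail attribute" are the usual reason a newcomer never gets the email: the account was created inside the 24-hour window but the mail attribute was filled in after the task had already run, so the next run no longer matches it.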


Step 3. Schedule the Script Using Task Scheduler

In Notepad, create a new file. Paste the following script and save it with a .ps1 extension.

$Trigger = New-ScheduledTaskTrigger -At 12:00am -Daily   #Trigger the task daily at 12 AM
$User    = "yourdomain\administrator"   #Must be the account that encrypted the password in Step 1

# Without -Password the task is registered to run only while $User is logged on, which a midnight
# task usually is not. The password is prompted for here rather than written into the script.
$Password = Read-Host "Password for $User"

# -File runs the script as a script; -NonInteractive stops it from waiting on a prompt nobody can answer
$Action = New-ScheduledTaskAction -Execute "PowerShell.exe" -Argument '-NonInteractive -File "C:\Users\Administrator.YOURDOMAIN\Desktop\FindOutADUsers\FindOutADUsers.ps1"'

Register-ScheduledTask -TaskName "FindOutADUsers" -Trigger $Trigger -User $User -Password $Password -Action $Action -RunLevel Highest -Force

Execute the above script in PowerShell with elevated privileges, and you are done!

The script itself needs nothing more than read access to AD, which every domain user has, and network access to smtp.gmail.com, so a dedicated low-privilege account is a better choice than the domain administrator, and -RunLevel Highest can then be dropped. Whatever account you pick, Step 1 must be repeated under that account, because the encrypted password file is bound to it.

When the scheduled task runs successfully, users added to Active Directory in the previous 24 hours receive the welcome email built in the Send-Email function.

Check out my previous post to learn how to create AD users in bulk and email their credentials using PowerShell.

I hope this post will be useful to you. Your feedback and comments are always welcome, especially if something is not working in this script. Good luck!
